PT-2023-5268 · Apache · Apache Inlong

4Ra1N +1 · Published 2023-07-25 · Updated 2024-10-02 · CVE-2023-34434

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Apache InLong versions 1.4.0 through 1.7.0

Description

A deserialization of untrusted data vulnerability in Apache InLong allows an attacker to bypass the current logic and achieve arbitrary file reading. This could enable a remote attacker to read arbitrary files.

Recommendations

To resolve this issue, users are advised to upgrade to Apache InLong 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8130.

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

BDU:2023-05885
CVE-2023-34434
GHSA-PQ67-9JF9-HC3C

Affected Products

Apache Inlong